< draft-ietf-httpbis-alt-svc-01.txt   draft-ietf-httpbis-alt-svc-02.txt >
HTTPbis Working Group M. Nottingham HTTPbis Working Group M. Nottingham
Internet-Draft Akamai Internet-Draft Akamai
Intended status: Standards Track P. McManus Intended status: Standards Track P. McManus
Expires: October 3, 2014 Mozilla Expires: January 5, 2015 Mozilla
J. Reschke J. Reschke
greenbytes greenbytes
April 1, 2014 July 4, 2014
HTTP Alternative Services HTTP Alternative Services
draft-ietf-httpbis-alt-svc-01 draft-ietf-httpbis-alt-svc-02
Abstract Abstract
This document specifies "alternative services" for HTTP, which allow This document specifies "alternative services" for HTTP, which allow
an origin's resources to be authoritatively available at a separate an origin's resources to be authoritatively available at a separate
network location, possibly accessed with a different protocol network location, possibly accessed with a different protocol
configuration. configuration.
Editorial Note (To be removed by RFC Editor) Editorial Note (To be removed by RFC Editor)
Discussion of this draft takes place on the HTTPBIS working group Discussion of this draft takes place on the HTTPBIS working group
mailing list (ietf-http-wg@w3.org), which is archived at mailing list (ietf-http-wg@w3.org), which is archived at
<http://lists.w3.org/Archives/Public/ietf-http-wg/>. <https://lists.w3.org/Archives/Public/ietf-http-wg/>.
Working Group information can be found at Working Group information can be found at
<http://tools.ietf.org/wg/httpbis/>; that specific to HTTP/2 are at <https://tools.ietf.org/wg/httpbis/> and <http://httpwg.github.io/>;
<http://http2.github.io/>. source code and issues list for tis draft can be found at
<https://github.com/httpwg/http-extensions>.
The changes in this draft are summarized in Appendix A. The changes in this draft are summarized in Appendix A.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on October 3, 2014. This Internet-Draft will expire on January 5, 2015.
Copyright Notice Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 30 skipping to change at page 2, line 30
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Notational Conventions . . . . . . . . . . . . . . . . . . 3 1.1. Notational Conventions . . . . . . . . . . . . . . . . . . 3
2. Alternative Services Concepts . . . . . . . . . . . . . . . . 4 2. Alternative Services Concepts . . . . . . . . . . . . . . . . 4
2.1. Host Authentication . . . . . . . . . . . . . . . . . . . 5 2.1. Host Authentication . . . . . . . . . . . . . . . . . . . 5
2.2. Alternative Service Caching . . . . . . . . . . . . . . . 6 2.2. Alternative Service Caching . . . . . . . . . . . . . . . 6
2.3. Requiring Server Name Indication . . . . . . . . . . . . . 6 2.3. Requiring Server Name Indication . . . . . . . . . . . . . 6
2.4. Using Alternative Services . . . . . . . . . . . . . . . . 6 2.4. Using Alternative Services . . . . . . . . . . . . . . . . 6
3. The Alt-Svc HTTP Header Field . . . . . . . . . . . . . . . . 7 3. The Alt-Svc HTTP Header Field . . . . . . . . . . . . . . . . 7
3.1. Caching Alt-Svc Header Field Values . . . . . . . . . . . 8 3.1. Caching Alt-Svc Header Field Values . . . . . . . . . . . 9
4. The Service HTTP Header Field . . . . . . . . . . . . . . . . 9 4. The ALTSVC HTTP/2 Frame . . . . . . . . . . . . . . . . . . . 10
5. The 421 Not Authoritative HTTP Status Code . . . . . . . . . . 10 5. The Alt-Svc-Used HTTP Header Field . . . . . . . . . . . . . . 11
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10 6. The 421 Not Authoritative HTTP Status Code . . . . . . . . . . 12
6.1. The Alt-Svc Message Header Field . . . . . . . . . . . . . 10 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12
6.2. The Service Message Header Field . . . . . . . . . . . . . 10 7.1. Header Field Registrations . . . . . . . . . . . . . . . . 12
6.3. The 421 Not Authoritative HTTP Status Code . . . . . . . . 11 7.2. The ALTSVC HTTP/2 Frame Type . . . . . . . . . . . . . . . 13
7. Security Considerations . . . . . . . . . . . . . . . . . . . 11 8. Internationalization Considerations . . . . . . . . . . . . . 13
7.1. Changing Ports . . . . . . . . . . . . . . . . . . . . . . 11 9. Security Considerations . . . . . . . . . . . . . . . . . . . 13
7.2. Changing Hosts . . . . . . . . . . . . . . . . . . . . . . 12 9.1. Changing Ports . . . . . . . . . . . . . . . . . . . . . . 13
7.3. Changing Protocols . . . . . . . . . . . . . . . . . . . . 12 9.2. Changing Hosts . . . . . . . . . . . . . . . . . . . . . . 13
8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 13 9.3. Changing Protocols . . . . . . . . . . . . . . . . . . . . 14
9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 13 9.4. Tracking Clients Using Alternative Services . . . . . . . 14
9.1. Normative References . . . . . . . . . . . . . . . . . . . 13 10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 15
9.2. Informative References . . . . . . . . . . . . . . . . . . 14 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 15
11.1. Normative References . . . . . . . . . . . . . . . . . . . 15
11.2. Informative References . . . . . . . . . . . . . . . . . . 16
Appendix A. Change Log (to be removed by RFC Editor before Appendix A. Change Log (to be removed by RFC Editor before
publication) . . . . . . . . . . . . . . . . . . . . 14 publication) . . . . . . . . . . . . . . . . . . . . 16
A.1. Since draft-nottingham-httpbis-alt-svc-05 . . . . . . . . 14 A.1. Since draft-nottingham-httpbis-alt-svc-05 . . . . . . . . 16
A.2. Since draft-ietf-httpbis-alt-svc-00 . . . . . . . . . . . 14 A.2. Since draft-ietf-httpbis-alt-svc-00 . . . . . . . . . . . 16
A.3. Since draft-ietf-httpbis-alt-svc-01 . . . . . . . . . . . 16
1. Introduction 1. Introduction
HTTP [HTTP-p1] conflates the identification of resources with their HTTP [RFC7230] conflates the identification of resources with their
location. In other words, "http://" (and "https://") URLs are used location. In other words, "http://" (and "https://") URLs are used
to both name and find things to interact with. to both name and find things to interact with.
In some cases, it is desirable to separate these aspects; to be able In some cases, it is desirable to separate these aspects; to be able
to keep the same identifier for a resource, but interact with it to keep the same identifier for a resource, but interact with it
using a different location on the network. using a different location on the network.
For example: For example:
o An origin server might wish to redirect a client to an alternative o An origin server might wish to redirect a client to an alternative
skipping to change at page 3, line 33 skipping to change at page 3, line 33
security (such as Transport Layer Security (TLS), see [RFC5246]). security (such as Transport Layer Security (TLS), see [RFC5246]).
o An origin server might wish to segment its clients into groups of o An origin server might wish to segment its clients into groups of
capabilities, such as those supporting Server Name Indication capabilities, such as those supporting Server Name Indication
(SNI, see Section 3 of [RFC6066]) and those not supporting it, for (SNI, see Section 3 of [RFC6066]) and those not supporting it, for
operational purposes. operational purposes.
This specification defines a new concept in HTTP, "Alternative This specification defines a new concept in HTTP, "Alternative
Services", that allows a resource to nominate additional means of Services", that allows a resource to nominate additional means of
interacting with it on the network. It defines a general framework interacting with it on the network. It defines a general framework
for this in Section 2, along with a specific mechanism for for this in Section 2, along with specific mechanisms for advertising
discovering them using HTTP header fields in Section 3. their existence using HTTP header fields (Section 3) or an HTTP/2
frame type (Section 4).
It also introduces a new status code in Section 5, so that origin It also introduces a new status code in Section 6, so that origin
servers (or their nominated alternatives) can indicate that they are servers (or their nominated alternatives) can indicate that they are
not authoritative for a given origin, in cases where the wrong not authoritative for a given origin, in cases where the wrong
location is used. location is used.
1.1. Notational Conventions 1.1. Notational Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
This document uses the Augmented BNF defined in [RFC5234] along with This document uses the Augmented BNF defined in [RFC5234] along with
the "OWS", "delta-seconds", "parameter", "port", "token", and "uri- the "OWS", "delta-seconds", "parameter", "port", "quoted-string",
host" rules from [HTTP-p1], and uses the "#rule" extension defined in "token", and "uri-host" rules from [RFC7230], and uses the "#rule"
Section 7 of that document. extension defined in Section 7 of that document.
2. Alternative Services Concepts 2. Alternative Services Concepts
This specification defines a new concept in HTTP, the "alternative This specification defines a new concept in HTTP, the "alternative
service". When an origin (see [RFC6454]) has resources that are service". When an origin (see [RFC6454]) has resources that are
accessible through a different protocol / host / port combination, it accessible through a different protocol / host / port combination, it
is said to have an alternative service. is said to have an alternative service.
An alternative service can be used to interact with the resources on An alternative service can be used to interact with the resources on
an origin server at a separate location on the network, possibly an origin server at a separate location on the network, possibly
using a different protocol configuration. Alternative services are using a different protocol configuration. Alternative services are
considered authoritative for an origin's resources, in the sense of considered authoritative for an origin's resources, in the sense of
[HTTP-p1], Section 9.1. [RFC7230], Section 9.1.
For example, an origin: For example, an origin:
("http", "www.example.com", "80") ("http", "www.example.com", "80")
might declare that its resources are also accessible at the might declare that its resources are also accessible at the
alternative service: alternative service:
("h2", "new.example.com", "81") ("h2", "new.example.com", "81")
skipping to change at page 5, line 8 skipping to change at page 5, line 8
This means that clients using an alternative service will change the This means that clients using an alternative service will change the
host, port and protocol that they are using to fetch resources, but host, port and protocol that they are using to fetch resources, but
these changes MUST NOT be propagated to the application that is using these changes MUST NOT be propagated to the application that is using
HTTP; from that standpoint, the URI being accessed and all HTTP; from that standpoint, the URI being accessed and all
information derived from it (scheme, host, port) are the same as information derived from it (scheme, host, port) are the same as
before. before.
Importantly, this includes its security context; in particular, when Importantly, this includes its security context; in particular, when
TLS [RFC5246] is in use, the alternative server will need to present TLS [RFC5246] is in use, the alternative server will need to present
a certificate for the origin's host name, not that of the a certificate for the origin's host name, not that of the
alternative. Likewise, the Host header field is still derived from alternative. Likewise, the Host header field ([RFC7230], Section
the origin, not the alternative service (just as it would if a CNAME 5.4) is still derived from the origin, not the alternative service
were being used). (just as it would if a CNAME were being used).
The changes MAY, however, be made visible in debugging tools, The changes MAY, however, be made visible in debugging tools,
consoles, etc. consoles, etc.
Formally, an alternative service is identified by the combination of: Formally, an alternative service is identified by the combination of:
o An Application Layer Protocol Negotiation (ALPN) protocol, as per o An Application Layer Protocol Negotiation (ALPN) protocol, as per
[I-D.ietf-tls-applayerprotoneg] [ALPN]
o A host, as per [RFC3986], Section 3.2.2 o A host, as per [RFC3986], Section 3.2.2
o A port, as per [RFC3986], Section 3.2.3 o A port, as per [RFC3986], Section 3.2.3
Additionally, each alternative service MUST have: Additionally, each alternative service MUST have:
o A freshness lifetime, expressed in seconds; see Section 2.2 o A freshness lifetime, expressed in seconds; see Section 2.2
There are many ways that a client could discover the alternative There are many ways that a client could discover the alternative
service(s) associated with an origin. service(s) associated with an origin. This document describes two
such mechanisms: an HTTP header field (Section 3) and an HTTP/2 frame
type (Section 4).
2.1. Host Authentication 2.1. Host Authentication
Clients MUST NOT use alternative services with a host other than the Clients MUST NOT use alternative services with a host other than the
origin's without strong server authentication; this mitigates the origin's without strong server authentication; this mitigates the
attack described in Section 7.2. One way to achieve this is for the attack described in Section 9.2. One way to achieve this is for the
alternative to use TLS with a certificate that is valid for that alternative to use TLS with a certificate that is valid for that
origin. origin.
For example, if the origin's host is "www.example.com" and an For example, if the origin's host is "www.example.com" and an
alternative is offered on "other.example.com" with the "h2" protocol, alternative is offered on "other.example.com" with the "h2" protocol,
and the certificate offered is valid for "www.example.com", the and the certificate offered is valid for "www.example.com", the
client can use the alternative. However, if "other.example.com" is client can use the alternative. However, if "other.example.com" is
offered with the "h2c" protocol, the client cannot use it, because offered with the "h2c" protocol, the client cannot use it, because
there is no mechanism in that protocol to establish strong server there is no mechanism in that protocol to establish strong server
authentication. authentication.
skipping to change at page 6, line 16 skipping to change at page 6, line 16
Mechanisms for discovering alternative services can associate a Mechanisms for discovering alternative services can associate a
freshness lifetime with them; for example, the Alt-Svc header field freshness lifetime with them; for example, the Alt-Svc header field
uses the "ma" parameter. uses the "ma" parameter.
Clients MAY choose to use an alternative service instead of the Clients MAY choose to use an alternative service instead of the
origin at any time when it is considered fresh; see Section 2.4 for origin at any time when it is considered fresh; see Section 2.4 for
specific recommendations. specific recommendations.
Clients with existing connections to alternative services are not Clients with existing connections to alternative services are not
required to fall back to the origin when its freshness lifetime ends; needed to fall back to the origin when its freshness lifetime ends;
i.e., the caching mechanism is intended for limiting how long an i.e., the caching mechanism is intended for limiting how long an
alternative service can be used for establishing new requests, not alternative service can be used for establishing new requests, not
limiting the use of existing ones. limiting the use of existing ones.
To mitigate risks associated with caching compromised values (see To mitigate risks associated with caching compromised values (see
Section 7.2 for details), user agents SHOULD examine cached Section 9.2 for details), user agents SHOULD examine cached
alternative services when they detect a change in network alternative services when they detect a change in network
configuration, and remove any that could be compromised (for example, configuration, and remove any that could be compromised (for example,
those whose association with the trust root is questionable). UAs those whose association with the trust root is questionable). UAs
that do not have a means of detecting network changes SHOULD place an that do not have a means of detecting network changes SHOULD place an
upper bound on their lifetime. upper bound on their lifetime.
2.3. Requiring Server Name Indication 2.3. Requiring Server Name Indication
A client MUST only use a TLS-based alternative service if the client A client MUST only use a TLS-based alternative service if the client
also supports TLS Server Name Indication (SNI) ([RFC6066], Section also supports TLS Server Name Indication (SNI). This supports the
3). This supports the conservation of IP addresses on the conservation of IP addresses on the alternative service host.
alternative service host.
2.4. Using Alternative Services 2.4. Using Alternative Services
By their nature, alternative services are optional; clients are not By their nature, alternative services are OPTIONAL: clients do not
required to use them. However, it is advantageous for clients to need to use them. However, it is advantageous for clients to behave
behave in a predictable way when they are used by servers (e.g., for in a predictable way when they are used by servers (e.g., for load
load balancing). balancing).
Therefore, if a client becomes aware of an alternative service, the Therefore, if a client becomes aware of an alternative service, the
client SHOULD use that alternative service for all requests to the client SHOULD use that alternative service for all requests to the
associated origin as soon as it is available, provided that the associated origin as soon as it is available, provided that the
security properties of the alternative service protocol are security properties of the alternative service protocol are
desirable, as compared to the existing connection. desirable, as compared to the existing connection.
When a client uses an alternate service, it MUST emit the Service When a client uses an alternate service, it MUST emit the Alt-Svc-
header field (Section 4) on every request using that alternate Used header field (Section 5) on every request using that alternate
service. service.
The client is not required to block requests; the origin's connection The client does not need to block requests; the origin's connection
can be used until the alternative connection is established. can be used until the alternative connection is established.
However, if the security properties of the existing connection are However, if the security properties of the existing connection are
weak (e.g. cleartext HTTP/1.1) then it might make sense to block weak (e.g. cleartext HTTP/1.1) then it might make sense to block
until the new connection is fully available in order to avoid until the new connection is fully available in order to avoid
information leakage. information leakage.
Furthermore, if the connection to the alternative service fails or is Furthermore, if the connection to the alternative service fails or is
unresponsive, the client MAY fall back to using the origin. Note, unresponsive, the client MAY fall back to using the origin. Note,
however, that this could be the basis of a downgrade attack, thus however, that this could be the basis of a downgrade attack, thus
losing any enhanced security properties of the alternative service. losing any enhanced security properties of the alternative service.
3. The Alt-Svc HTTP Header Field 3. The Alt-Svc HTTP Header Field
An HTTP(S) origin server can advertise the availability of An HTTP(S) origin server can advertise the availability of
alternative services to clients by adding an Alt-Svc header field to alternative services to clients by adding an Alt-Svc header field to
responses. responses.
Alt-Svc = 1#( alternative *( OWS ";" OWS parameter ) ) Alt-Svc = 1#( alternative *( OWS ";" OWS parameter ) )
alternative = protocol-id "=" port alternative = protocol-id "=" alt-authority
protocol-id = token ; percent-encoded ALPN protocol identifier protocol-id = token ; percent-encoded ALPN protocol identifier
alt-authority = token / quoted-string
; containing [ uri-host ] ":" port
ALPN protocol names are octet sequences with no additional ALPN protocol names are octet sequences with no additional
constraints on format. Octets not allowed in tokens ([HTTP-p1], constraints on format. Octets not allowed in tokens ([RFC7230],
Section 3.2.6) MUST be percent-encoded as per Section 2.1 of Section 3.2.6) MUST be percent-encoded as per Section 2.1 of
[RFC3986]. Consequently, the octet representing the percent [RFC3986]. Consequently, the octet representing the percent
character "%" (hex 25) MUST be percent-encoded as well. character "%" (hex 25) MUST be percent-encoded as well.
In order to have precisely one way to represent any ALPN protocol In order to have precisely one way to represent any ALPN protocol
name, the following additional constraints apply: name, the following additional constraints apply:
1. Octets in the ALPN protocol MUST NOT be percent-encoded if they 1. Octets in the ALPN protocol MUST NOT be percent-encoded if they
are valid token characters except "%", and are valid token characters except "%", and
2. When using percent-encoding, uppercase hex digits MUST be used. 2. When using percent-encoding, uppercase hex digits MUST be used.
With these constraints, recipients can apply simple string comparison With these constraints, recipients can apply simple string comparison
to match protocol identifiers. to match protocol identifiers.
The "alt-authority" component consists of an OPTIONAL uri-host
("host" in Section 3.2.2 of [RFC3986]), a colon (":"), and a port
number.
For example: For example:
Alt-Svc: http2=8000 Alt-Svc: http2=":8000"
This indicates that the "http2" protocol on the same host using the This indicates the "http2" protocol on the same host using the
indicated port (in this case, 8000). indicated port 8000.
An example involving a change of host:
Alt-Svc: http2="new.example.org:80"
This indicates the "http2" protocol on the host "new.example.org",
running on port 80. Note that the "quoted-string" syntax needs to be
used when a host is specified in addition to a port (":" is not an
allowed character in "token").
Examples for protocol name escaping: Examples for protocol name escaping:
+--------------------+-------------+---------------------+ +--------------------+-------------+---------------------+
| ALPN protocol name | protocol-id | Note | | ALPN protocol name | protocol-id | Note |
+--------------------+-------------+---------------------+ +--------------------+-------------+---------------------+
| http2 | http2 | No escaping needed | | http2 | http2 | No escaping needed |
+--------------------+-------------+---------------------+ +--------------------+-------------+---------------------+
| w=x:y#z | w%3Dx%3Ay#z | "=" and ":" escaped | | w=x:y#z | w%3Dx%3Ay#z | "=" and ":" escaped |
+--------------------+-------------+---------------------+ +--------------------+-------------+---------------------+
skipping to change at page 8, line 25 skipping to change at page 8, line 41
+--------------------+-------------+---------------------+ +--------------------+-------------+---------------------+
Alt-Svc MAY occur in any HTTP response message, regardless of the Alt-Svc MAY occur in any HTTP response message, regardless of the
status code. status code.
Alt-Svc does not allow advertisement of alternative services on other Alt-Svc does not allow advertisement of alternative services on other
hosts, to protect against various header-based attacks. hosts, to protect against various header-based attacks.
It can, however, have multiple values: It can, however, have multiple values:
Alt-Svc: h2c=8000, h2=443 Alt-Svc: h2c=":8000", h2=":443"
The value(s) advertised by Alt-Svc can be used by clients to open a The value(s) advertised by Alt-Svc can be used by clients to open a
new connection to one or more alternative services immediately, or new connection to one or more alternative services immediately, or
simultaneously with subsequent requests on the same connection. simultaneously with subsequent requests on the same connection.
Intermediaries MUST NOT change or append Alt-Svc field values. To reduce the ability of servers to track individual clients over
time (see Section 9.4), an alternative service indication sent by a
client SHOULD NOT include any alternative service information other
than the protocol, host and port.
When using HTTP/2 ([HTTP2]), clients SHOULD instead send an ALTSVC
frame. A single ALTSVC frame can be sent for a connection; a new
frame is not needed for every request.
Note that all field elements that allow "quoted-string" syntax MUST
be processed as per Section 3.2.6 of [RFC7230].
3.1. Caching Alt-Svc Header Field Values 3.1. Caching Alt-Svc Header Field Values
When an alternative service is advertised using Alt-Svc, it is When an alternative service is advertised using Alt-Svc, it is
considered fresh for 24 hours from generation of the message. This considered fresh for 24 hours from generation of the message. This
can be modified with the 'ma' (max-age) parameter; can be modified with the 'ma' (max-age) parameter;
Alt-Svc: h2=443;ma=3600 Alt-Svc: h2=":443"; ma=3600
which indicates the number of seconds since the response was which indicates the number of seconds since the response was
generated the alternative service is considered fresh for. generated the alternative service is considered fresh for.
ma = delta-seconds ma = delta-seconds
See Section 4.2.3 of [HTTP-p6] for details of determining response See Section 4.2.3 of [RFC7234] for details of determining response
age. age.
For example, a response: For example, a response:
HTTP/1.1 200 OK HTTP/1.1 200 OK
Content-Type: text/html Content-Type: text/html
Cache-Control: 600 Cache-Control: 600
Age: 30 Age: 30
Alt-Svc: h2c=8000; ma=60 Alt-Svc: h2c=":8000"; ma=60
indicates that an alternative service is available and usable for the indicates that an alternative service is available and usable for the
next 60 seconds. However, the response has already been cached for next 60 seconds. However, the response has already been cached for
30 seconds (as per the Age header field value), so therefore the 30 seconds (as per the Age header field value), so therefore the
alternative service is only fresh for the 30 seconds from when this alternative service is only fresh for the 30 seconds from when this
response was received, minus estimated transit time. response was received, minus estimated transit time.
When an Alt-Svc response header field is received from an origin, its When an Alt-Svc response header field is received from an origin, its
value invalidates and replaces all cached alternative services for value invalidates and replaces all cached alternative services for
that origin. that origin.
See Section 2.2 for general requirements on caching alternative See Section 2.2 for general requirements on caching alternative
services. services.
Note that the freshness lifetime for HTTP caching (here, 600 seconds) Note that the freshness lifetime for HTTP caching (here, 600 seconds)
does not affect caching of Alt-Svc values. does not affect caching of Alt-Svc values.
4. The Service HTTP Header Field 4. The ALTSVC HTTP/2 Frame
The Service HTTP header field is used in requests to indicate the The ALTSVC HTTP/2 frame ([HTTP2], Section 4) advertises the
identity of the alternate service in use, just as the Host header availability of an alternative service to an HTTP/2 client.
field identifies the host and port of the origin.
Service = uri-host [ ":" port ] The ALTSVC frame is a non-critical extension to HTTP/2. Endpoints
that do not support this frame can safely ignore it.
Service is intended to allow alternate services to detect loops, An ALTSVC frame on a client-initiated stream indicates that the
differentiate traffic for purposes of load balancing, and generally conveyed alternative service is associated with the origin of that
to ensure that it is possible to identify the intended destination of stream.
traffic, since introducing this information after a protocol is in
use has proven to be problematic.
When using an Alternate Service, clients MUST include a Service An ALTSVC frame on stream 0 indicates that the conveyed alternative
header in all requests. service is associated with the origin contained in the Origin field
of the frame. An association with an origin that the client does not
consider authoritative for the current connection MUST be ignored.
For example: The ALTSVC frame type is 0xa (decimal 10).
GET /thing 0 1 2 3
Host: origin.example.com 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
Service: alternate.example.net +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
User-Agent: Example/1.0 | Max-Age (32) |
+-------------------------------+---------------+---------------+
| Port (16) | Proto-Len (8) |
+-------------------------------+---------------+---------------+
| Protocol-ID (*) |
+---------------+-----------------------------------------------+
| Host-Len (8) | Host (*) ...
+---------------+-----------------------------------------------+
| Origin? (*) ...
+---------------------------------------------------------------+
5. The 421 Not Authoritative HTTP Status Code ALTSVC Frame Payload
The 421 (Not Authoritative) status code indicates that the current The ALTSVC frame contains the following fields:
origin server (usually, but not always an alternative service; see
Section 2) is not authoritative for the requested resource, in the
sense of [HTTP-p1], Section 9.1.
Clients receiving 421 (Not Authoritative) from an alternative service Max-Age: An unsigned, 32-bit integer indicating the freshness
MUST remove the corresponding entry from its alternative service lifetime of the alternative service association, as per
cache (see Section 2.2) for that origin. Regardless of the Section 2.2.
idempotency of the request method, they MAY retry the request, either
at another alternative server, or at the origin.
421 (Not Authoritative) MAY carry an Alt-Svc header field. Port: An unsigned, 16-bit integer indicating the port that the
alternative service is available upon.
This status code MUST NOT be generated by proxies. Proto-Len: An unsigned, 8-bit integer indicating the length, in
octets, of the Protocol-ID field.
A 421 response is cacheable by default; i.e., unless otherwise Protocol-ID: A sequence of bytes (length determined by "Proto-Len")
indicated by the method definition or explicit cache controls (see containing the ALPN protocol identifier of the alternative
Section 4.2.2 of [HTTP-p6]). service.
[[apr: This really ought to be 420.]] Host-Len: An unsigned, 8-bit integer indicating the length, in
octets, of the Host header field.
6. IANA Considerations Host: A sequence of characters (length determined by "Host-Len")
containing an ASCII string indicating the host that the
alternative service is available upon.
6.1. The Alt-Svc Message Header Field Origin: An OPTIONAL sequence of characters (length determined by
subtracting the length of all preceding fields from the frame
length) containing the ASCII serialisation of an origin
([RFC6454], Section 6.2) that the alternate service is applicable
to.
This document registers Alt-Svc in the Permanent Message Header The ALTSVC frame does not define any flags.
Registry [RFC3864].
o Header Field Name: Alt-Svc The ALTSVC frame is intended for receipt by clients; a server that
receives an ALTSVC frame MUST treat it as a connection error of type
PROTOCOL_ERROR.
o Application Protocol: http The ALTSVC frame is processed hop-by-hop. An intermediary MUST NOT
forward ALTSVC frames, though it can use the information contained in
ALTSVC frames in forming new ALTSVC frames to send to its own
clients.
o Status: standard 5. The Alt-Svc-Used HTTP Header Field
o Author/Change Controller: IETF The Alt-Svc-Used HTTP header field is used in requests to indicate
that an alternate service is in use.
o Specification Document: [this document] Alt-Svc-Used = ("1" / "0") *( OWS ";" OWS Alt-Svc-Used-Ext )
Alt-Svc-Used-Ext = token "=" ( token / quoted-string )
o Related Information: Alt-Svc-Used is intended to allow alternate services to avoid sending
alternative service indications where there is a risk of generating a
loops. It also allows a service to identify requests for accounting
and load balancing purposes.
6.2. The Service Message Header Field When using an alternative service, clients MUST include a Alt-Svc-
Used header field in all requests.
This document registers Alt-Svc in the Permanent Message Header For example:
Registry [RFC3864].
o Header Field Name: Service GET /thing HTTP/1.1
Host: origin.example.com
Alt-Svc-Used: 1
o Application Protocol: http The extension parameters (Alt-Svc-Used-Ext) are reserved for future
use; specifications that want to define an extension will need to
update this document (and ought to introduce an extension registry).
o Status: standard 6. The 421 Not Authoritative HTTP Status Code
o Author/Change Controller: IETF The 421 (Not Authoritative) status code is defined in [HTTP2],
Section 9.1.2 to indicate that the current server instance is not
authoritative for the requested resource. This can be used to
indicate that an alternative service is not authoritative; see
Section 2).
o Specification Document: [this document] Clients receiving 421 (Not Authoritative) from an alternative service
MUST remove the corresponding entry from its alternative service
cache (see Section 2.2) for that origin. Regardless of the
idempotency of the request method, they MAY retry the request, either
at another alternative server, or at the origin.
o Related Information: A 421 (Not Authoritative) response MAY carry an Alt-Svc header field.
6.3. The 421 Not Authoritative HTTP Status Code 7. IANA Considerations
This document registers the 421 (Not Authoritative) HTTP Status code 7.1. Header Field Registrations
in the Hypertext Transfer Protocol (HTTP) Status Code Registry
([HTTP-p2], Section 8.2).
Status Code: 421 HTTP header fields are registered within the "Message Headers"
registry maintained at
<https://www.iana.org/assignments/message-headers/>.
Short Description: Not Authoritative This document defines the following HTTP header fields, so their
associated registry entries shall be added according to the permanent
registrations below (see [BCP90]):
Specification: Section 5 of this document +-------------------+----------+----------+-----------+
| Header Field Name | Protocol | Status | Reference |
+-------------------+----------+----------+-----------+
| Alt-Svc | http | standard | Section 3 |
| Alt-Svc-Used | http | standard | Section 5 |
+-------------------+----------+----------+-----------+
7. Security Considerations The change controller is: "IETF (iesg@ietf.org) - Internet
Engineering Task Force".
[[anchor1: Identified security considerations should be enumerated in 7.2. The ALTSVC HTTP/2 Frame Type
the appropriate documents depending on which proposals are accepted.
Those listed below are generic to all uses of alternative services;
more specific ones might be necessary.]]
7.1. Changing Ports This document registers the ALTSVC frame type in the HTTP/2 Frame
Types registry ([HTTP2], Section 11.2).
Frame Type: ALTSVC
Code: 0xa
Specification: Section 4 of this document
8. Internationalization Considerations
An internationalized domain name that appears in either the header
field (Section 3) or the HTTP/2 frame (Section 4) MUST be expressed
using A-labels ([RFC5890], Section 2.3.2.1).
9. Security Considerations
9.1. Changing Ports
Using an alternative service implies accessing an origin's resources Using an alternative service implies accessing an origin's resources
on an alternative port, at a minimum. An attacker that can inject on an alternative port, at a minimum. An attacker that can inject
alternative services and listen at the advertised port is therefore alternative services and listen at the advertised port is therefore
able to hijack an origin. able to hijack an origin.
For example, an attacker that can add HTTP response header fields can For example, an attacker that can add HTTP response header fields can
redirect traffic to a different port on the same host using the Alt- redirect traffic to a different port on the same host using the Alt-
Svc header field; if that port is under the attacker's control, they Svc header field; if that port is under the attacker's control, they
can thus masquerade as the HTTP server. can thus masquerade as the HTTP server.
This risk can be mitigated by restricting the ability to advertise This risk can be mitigated by restricting the ability to advertise
alternative services, and restricting who can open a port for alternative services, and restricting who can open a port for
listening on that host. listening on that host.
7.2. Changing Hosts 9.2. Changing Hosts
When the host is changed due to the use of an alternative service, it When the host is changed due to the use of an alternative service, it
presents an opportunity for attackers to hijack communication to an presents an opportunity for attackers to hijack communication to an
origin. origin.
For example, if an attacker can convince a user agent to send all For example, if an attacker can convince a user agent to send all
traffic for "innocent.example.org" to "evil.example.com" by traffic for "innocent.example.org" to "evil.example.com" by
successfully associating it as an alternative service, they can successfully associating it as an alternative service, they can
masquerade as that origin. This can be done locally (see mitigations masquerade as that origin. This can be done locally (see mitigations
above) or remotely (e.g., by an intermediary as a man-in-the-middle above) or remotely (e.g., by an intermediary as a man-in-the-middle
skipping to change at page 12, line 39 skipping to change at page 14, line 26
Alternative services could be used to persist such an attack; for Alternative services could be used to persist such an attack; for
example, an intermediary could man-in-the-middle TLS-protected example, an intermediary could man-in-the-middle TLS-protected
communication to a target, and then direct all traffic to an communication to a target, and then direct all traffic to an
alternative service with a large freshness lifetime, so that the user alternative service with a large freshness lifetime, so that the user
agent still directs traffic to the attacker even when not using the agent still directs traffic to the attacker even when not using the
intermediary. intermediary.
As a result, there is a requirement in Section 2.2 to examine cached As a result, there is a requirement in Section 2.2 to examine cached
alternative services when a network change is detected. alternative services when a network change is detected.
7.3. Changing Protocols 9.3. Changing Protocols
When the ALPN protocol is changed due to the use of an alternative When the ALPN protocol is changed due to the use of an alternative
service, the security properties of the new connection to the origin service, the security properties of the new connection to the origin
can be different from that of the "normal" connection to the origin, can be different from that of the "normal" connection to the origin,
because the protocol identifier itself implies this. because the protocol identifier itself implies this.
For example, if a "https://" URI had a protocol advertised that does For example, if a "https://" URI had a protocol advertised that does
not use some form of end-to-end encryption (most likely, TLS), it not use some form of end-to-end encryption (most likely, TLS), it
violates the expectations for security that the URI scheme implies. violates the expectations for security that the URI scheme implies.
Therefore, clients cannot blindly use alternative services, but Therefore, clients cannot blindly use alternative services, but
instead evaluate the option(s) presented to assure that security instead evaluate the option(s) presented to assure that security
requirements and expectations (of specifications, implementations and requirements and expectations (of specifications, implementations and
end users) are met. end users) are met.
8. Acknowledgements 9.4. Tracking Clients Using Alternative Services
The alternative service indicator (Section 5) provided by clients
provides a server the means of correlating requests. If the
alternative service indicator includes a sufficiently unique
identifier, requests made to an alternative service can be correlated
with the original alternative service advertisement.
Clients that do not wish to be tracked MAY choose to ignore
alternative service advertisements.
In a browser, any alternative service information MUST be removed
when origin-specific data is cleared (for instance, when cookies are
cleared).
10. Acknowledgements
Thanks to Eliot Lear, Stephen Farrell, Guy Podjarny, Stephen Ludin, Thanks to Eliot Lear, Stephen Farrell, Guy Podjarny, Stephen Ludin,
Erik Nygren, Paul Hoffman, Adam Langley, Will Chan and Richard Barnes Erik Nygren, Paul Hoffman, Adam Langley, Will Chan and Richard Barnes
for their feedback and suggestions. for their feedback and suggestions.
The Alt-Svc header field was influenced by the design of the The Alt-Svc header field was influenced by the design of the
Alternative-Protocol header field in SPDY. Alternate-Protocol header field in SPDY.
9. References 11. References
9.1. Normative References 11.1. Normative References
[HTTP-p1] Fielding, R., Ed. and J. Reschke, [ALPN] Friedl, S., Popov, A., Langley, A., and S. Emile,
Ed., "Hypertext Transfer Protocol "Transport Layer Security (TLS) Application Layer Protocol
(HTTP/1.1): Message Syntax and Negotiation Extension", draft-ietf-tls-applayerprotoneg-05
Routing", (work in progress), March 2014.
draft-ietf-httpbis-p1-messaging-26
(work in progress), February 2014.
[HTTP-p6] Fielding, R., Ed., Nottingham, M., [HTTP2] Belshe, M., Peon, R., and M. Thomson, Ed., "Hypertext
Ed., and J. Reschke, Ed., "Hypertext Transfer Protocol version 2", draft-ietf-httpbis-http2-13
Transfer Protocol (HTTP/1.1): (work in progress), June 2014.
Caching",
draft-ietf-httpbis-p6-cache-26 (work
in progress), February 2014.
[I-D.ietf-tls-applayerprotoneg] Friedl, S., Popov, A., Langley, A., [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
and S. Emile, "Transport Layer Requirement Levels", BCP 14, RFC 2119, March 1997.
Security (TLS) Application Layer
Protocol Negotiation Extension",
draft-ietf-tls-applayerprotoneg-05
(work in progress), March 2014.
[RFC2119] Bradner, S., "Key words for use in [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
RFCs to Indicate Requirement Resource Identifier (URI): Generic Syntax", STD 66,
Levels", BCP 14, RFC 2119, RFC 3986, January 2005.
March 1997.
[RFC3986] Berners-Lee, T., Fielding, R., and [RFC5234] Crocker, D. and P. Overell, "Augmented BNF for Syntax
L. Masinter, "Uniform Resource Specifications: ABNF", STD 68, RFC 5234, January 2008.
Identifier (URI): Generic Syntax",
STD 66, RFC 3986, January 2005.
[RFC5234] Crocker, D. and P. Overell, [RFC5890] Klensin, J., "Internationalized Domain Names for
"Augmented BNF for Syntax Applications (IDNA): Definitions and Document Framework",
Specifications: ABNF", STD 68, RFC 5890, August 2010.
RFC 5234, January 2008.
[RFC6066] Eastlake, D., "Transport Layer [RFC6066] Eastlake, D., "Transport Layer Security (TLS) Extensions:
Security (TLS) Extensions: Extension Extension Definitions", RFC 6066, January 2011.
Definitions", RFC 6066,
January 2011.
[RFC6454] Barth, A., "The Web Origin Concept", [RFC6454] Barth, A., "The Web Origin Concept", RFC 6454,
RFC 6454, December 2011. December 2011.
9.2. Informative References [RFC7230] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
Protocol (HTTP/1.1): Message Syntax and Routing",
RFC 7230, June 2014.
[HTTP-p2] Fielding, R., Ed. and J. Reschke, [RFC7234] Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke,
Ed., "Hypertext Transfer Protocol Ed., "Hypertext Transfer Protocol (HTTP/1.1): Caching",
(HTTP/1.1): Semantics and Content", RFC 7234, June 2014.
draft-ietf-httpbis-p2-semantics-26
(work in progress), February 2014.
[HTTP2] Belshe, M., Peon, R., and M. 11.2. Informative References
Thomson, Ed., "Hypertext Transfer
Protocol version 2",
draft-ietf-httpbis-http2-10 (work in
progress), February 2014.
[RFC3864] Klyne, G., Nottingham, M., and J. [BCP90] Klyne, G., Nottingham, M., and J. Mogul, "Registration
Mogul, "Registration Procedures for Procedures for Message Header Fields", BCP 90, RFC 3864,
Message Header Fields", BCP 90, September 2004.
RFC 3864, September 2004.
[RFC5246] Dierks, T. and E. Rescorla, "The [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security
Transport Layer Security (TLS) (TLS) Protocol Version 1.2", RFC 5246, August 2008.
Protocol Version 1.2", RFC 5246,
August 2008.
Appendix A. Change Log (to be removed by RFC Editor before publication) Appendix A. Change Log (to be removed by RFC Editor before publication)
A.1. Since draft-nottingham-httpbis-alt-svc-05 A.1. Since draft-nottingham-httpbis-alt-svc-05
This is the first version after adoption of This is the first version after adoption of
draft-nottingham-httpbis-alt-svc-05 as Working Group work item. It draft-nottingham-httpbis-alt-svc-05 as Working Group work item. It
only contains editorial changes. only contains editorial changes.
A.2. Since draft-ietf-httpbis-alt-svc-00 A.2. Since draft-ietf-httpbis-alt-svc-00
Selected 421 as proposed status code for "Not Authoritative". Selected 421 as proposed status code for "Not Authoritative".
Changed header field syntax to use percent-encoding of ALPN protocol Changed header field syntax to use percent-encoding of ALPN protocol
names (<https://github.com/http2/http2-spec/issues/446>). names (<https://github.com/http2/http2-spec/issues/446>).
A.3. Since draft-ietf-httpbis-alt-svc-01
Updated HTTP/1.1 references.
Renamed "Service" to "Alt-Svc-Used" and reduced information to a flag
to address fingerprinting concerns
(<https://github.com/http2/http2-spec/issues/502>).
Note that ALTSVC frame is preferred to Alt-Svc header field
(<https://github.com/http2/http2-spec/pull/503>).
Incorporate ALTSRV frame
(<https://github.com/http2/http2-spec/pull/507>).
Moved definition of status code 421 to HTTP/2.
Partly resolved <https://github.com/httpwg/http-extensions/issues/5>.
Authors' Addresses Authors' Addresses
Mark Nottingham Mark Nottingham
Akamai Akamai
EMail: mnot@mnot.net EMail: mnot@mnot.net
URI: http://www.mnot.net/ URI: https://www.mnot.net/
Patrick McManus Patrick McManus
Mozilla Mozilla
EMail: mcmanus@ducksong.com EMail: mcmanus@ducksong.com
URI: https://mozillians.org/u/pmcmanus/ URI: https://mozillians.org/u/pmcmanus/
Julian F. Reschke Julian F. Reschke
greenbytes GmbH greenbytes GmbH
EMail: julian.reschke@greenbytes.de EMail: julian.reschke@greenbytes.de
URI: http://greenbytes.de/tech/webdav/ URI: https://greenbytes.de/tech/webdav/
 End of changes. 94 change blocks. 
190 lines changed or deleted 288 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/